Hybrid View

Should localhost be in trusted zone?

I've tried to search the ZA help and forums on this, but it has only left me confused.

I've been using ZoneAlarm Free for over ten years. Throughout that time, I've always applied updates and moved to the new versions as soon as I was notified of them. On several occasions I made completley clean installs when I replaced a computer with a new one. But the changes in ZA 10 have made me realise and think about something I've never realised or thought about before.

That is that over the ten years, and through all the versions and clean installs, localhost/loopback/127.0.0.1 has never been in the trusted zone in my ZA; it's always been in the internet zone.

I have never knowingly answered a configuration question as to whether localhost should be in the trusted zone; and I have certainly never moved it from trusted zone to internet zone. But it has always been in the internet zone, so I can only conclude that it is the default setting that it should be in the internet zone, not the trusted zone.

What's brought the matter up is ZA 10 not having the ability all previous versions had to leave ZA always asking if a particular program should have internet access or not. I have several programs that always need to access modules and/or other programs on the same computer via internet protocols to work, but which also occasionally try to connect out onto the internet, which I don't want to allow. Because localhost was, by default, in the internet zone, I left ZA always asking when those programs wanted access, and if it was to 127.0.0.1 I would grant it (but leaving ZA set to always ask), while if it was to an external IP address I would deny it.

But with ZA 10, I can't leave it set to always ask. And it's far too much hastle to manually change the ZA program permissions every session.

So it occured to me that if localhost/127.0.0.1 was in the trusted zone, for those programs I could grant permanent permission for trusted zone access, while permanently denying internet zone access.

But that has made me think about the default settings. There's nothing about it in the ZA help documents or knowledge base. Searching in the forums has brought up a couple of posts where people say that ZA's default is to have localhost in the trusted zone. But I know it has always been in the internet zone for the 10+ years I've been using it, at least in my copies - I've never changed it, never answered a setup question about it, and if it had been in the trusted zone, then these programs wouldn't have been asking about 127.0.0.1 access each time.

So, as moving localhost to the trusted zone would solve the ZA 10 problem the loss of ability to leave a program being asked about every time it's used has raised, I really need to ask a question:

Is there any good reason not to have localhost in the trusted zone? Is there any specific vulnerability or threat that would exist with localhost in the trusted zone that would not exist with it in the internet zone?

A second question would be, if there's no good reason not to have localhost in the trusted zone, why has the default been to have it in the internet zone all these years? But that's just curiosity. The important question is whether I can safely put it in the trusted zone now.

Thanks for any help.

(Laptop with Windows 7 64-bit, latest ZA Free, internet access via wi-fi to a Netgear router with nothing else on the network. Before a year ago it was Windows XP 32-bit, always latest ZA Free, USB cable ADSL Modem. But this is really a generic question about what a normal localhost ZA setting should be.)

Re: Should localhost be in trusted zone?

Localhost is your PC and must be set to Trusted. Make no sense to set it as Internet. Your are mixing up issues of program access with general settings about the PC. You need to install ZA 9 or move up to to another solution for keep getting asked by the same program about access (internet or not) as discussed here:Where is the option to remember the program alert setting?

Re: Should localhost be in trusted zone?

Originally Posted by fax

Localhost is your PC and must be set to Trusted. Make no sense to set it as Internet. Your are mixing up issues of program access with general settings about the PC. You need to install ZA 9 or move up to to another solution for keep getting asked by the same program about access (internet or not) as discussed here:Where is the option to remember the program alert setting?

Sorry,
Fax

I'm sorry, perhaps I wasn't clear.

I have been using ZoneAlarm since 2001, always the latest version, currently ZA10.

That whole time - 2001 until now - localhost has been set as Internet Zone, not trusted zone. I didn't set localhost as internet zone. The installs of ZA set themselves up with localhost as internet zone. I have never once changed which zone - internet or trusted - anything is in: localhost, or anything else.

I would like to know if there is any risk if I change localhost to trusted zone rather than internet zone, and if so what that risk is.

I can't help thinking there must be some advantage for localhost to be set as internet zone, not trusted, as ZA Free in every version from whatever the current version was in 2001 up to and including ZA 10 has installed itself with localhost in the internet zone (or perhaps, more accurately, without localhost being set in the trusted zone, and therefore treated as internet zone).

If localhost 'must' or 'should' be in the trusted zone, why have all the versions of ZA Free up to and including ZA 10 set themselves up on my computers with localhost in the internet zone?

Re: Should localhost be in trusted zone?

Hi!

sorry but I really can't follow what you are trying to say. Localhost (127.0.0.0) was in all previous versions of ZA set as TRUSTED in the ZA firewall at install. Not sure why it was not in yours. May be you changed it and then upgrading the ZA versions one over the other thus keeping that wrong setup.

For the rest see already my previous post. You can learn more about localhost here:

Re: Should localhost be in trusted zone?

sorry but I really can't follow what you are trying to say. Localhost (127.0.0.0) was in all previous versions of ZA set as TRUSTED in the ZA firewall at install.

It wasn't in mine. It was left in the Internet Zone.

Not sure why it was not in yours. May be you changed it

No, I never changed it. I am absolutely sure of that. I never altered what was set to Trusted Zone and what to Internet Zone. Not once.

and then upgrading the ZA versions one over the other thus keeping that wrong setup.

I have changed to a new computer several times during my 10 years of use of ZA. On each new computer I did a completely fresh install without any settings from the ZA on the previous computer coming anywhere near the new computer.

I don't know why my experience of ZA Free installs and the default settings it makes is different to yours. But it is different. The ZA installs on all my computers all left localhost in the Internet Zone and did not put it in the Trusted Zone. I never changed that. I am not mistaken, and I am not lying. That is how all ZA Free fresh installs have behaved on all my computers.

I am only interested in the history of why this should be in so far as it sheds any light on whether I should move localhost to the trusted zone now.

Localhost is your computer and makes no sense to set it as internet. It may cause connection issues and program mulfunctioning.

I know localhost is my computer. As I have had localhost set to internet, not trusted, for the last 10 years, I can say that it does not cause connection issues or program malfunctioning. It just causes ZA to pop up internet connection requests to 127.0.0.1 when a program tries to access another program on the same computer with internet protocols.

But let us leave all the above, and the question of why ZA installed for me with localhost in the internet zone, but for you with localhost in the trusted zone. It really doesn't matter.

The simple, single question I would like a definitive answer to is just this:

Is there any - any - risk or threat or exploit that my computer might be vulnerable to with localhost in the trusted zone that it wouldn't be vulnerable to with localhost in the internet zone?

Re: Should localhost be in trusted zone?

Nope sorry... localhost cannot be in the internet zone unless you are not speaking about the same same localhost (i.e. 127.0.0.0). It does not make sense and honestly I never ever heard of this issue here since using ZA (back with version 3 or 4).

localhost should be as trusted if it is not in your case you should change it. A simple search on this board will show you many posts about it.

Sorry can't add more than this to the issue. No panic, relax, sit back and enjoy your system with the correct localhost settings...